Are multiple DKIM records allowed for a domain?

Yes, you can create and update multiple DKIM records for your domain. In fact, it’s one of the best practices in certain scenarios. Each DKIM record corresponds to a different, unique selector that allows the existence and association of multiple public keys. This way, different public keys linked with different email servers or systems can coexist without triggering any technical problems. 

The primary scenarios where this kind of setup is encouraged are-

• If a domain uses several email services (e.g., a CRM, marketing platform, or transactional email service), each service can have its own DKIM key, identified by a unique selector.
• Having multiple DKIM records makes it easier to update your keys smoothly. By using a new selector for each updated key, you can switch to a new key without interrupting email delivery or verification.
• Multiple selectors allow testing new DKIM configurations while the original setup remains active, minimizing disruption

Why should you deploy DKIM?

If you deploy DKIM for your domain, then it helps the recipients’ mail servers verify if the messages they received from your domain were tampered with in transit. This establishes trust between you and the legitimate recipients. 

Authenticated emails are more likely to be placed in the primary inboxes of intended recipients rather than being marked as spam or bouncing back. This ensures your domain’s email deliverability rate is high, which ultimately results in better engagement, conversion, and general communication. A domain consistently sending authenticated emails gains a better reputation, which can lead to higher trust from email providers and recipients.

 By confirming the sender’s identity, DKIM helps protect recipients from phishing attacks that impersonate trusted domains.

How to add multiple DKIM records?

Start by creating multiple DKIM records using an online DKIM record generator tool. 

Then, assign a selector to the record you need to access your DNS to publish it. This can be done manually, or you may even contact your domain registrar to publish the keys on your behalf. 

To publish multiple DKIM records, you need to create separate TXT or CNAME records for each of the sending sources in your DNS. It’s good to use a unique DKIM selector for each record to avoid conflicts with existing ones.

For example:

If you have an existing DKIM record at s1._domainkey.domain.com (where ‘s1’ is your selector), don’t reuse ‘s1’ for other records. Instead, use unique selectors like:

s2._domainkey.domain.com

s3._domainkey.domain.com

s4._domainkey.domain.com

s5._domainkey.domain.com 

Final words

While multiple SPF and DMARC records are not allowed, multiple DKIM records for a domain are entirely safe. In fact, this practice is encouraged because it strengthens your domain against phishing and spoofing. 

Each DKIM signature in your email header shows which selector to use, helping receivers find the correct public key in your DNS. Just make sure each selector is unique to prevent conflicts.

If you have any doubts or want to get started with email authentication, please reach out to us. Our DuoCircle team of experts is always here to help.